Hands-on with Apple’s Touch ID: Thumbs up for fingerprint sensors

When we got our literal hands on the iPhone 5s this morning, the first thing we did was try out Touch ID, the new fingerprint sensor technology included with the device.

You can jump right in with the feature if you’re setting up the phone as a new device, or head to the settings pane to activate it. The Passcode Lock setting under General has been changed to a Passcode & Fingerprint section.

Setup

If you haven’t been using a passcode on your iPhone, you’ll need to set one up to use Touch ID. That might seem counterintuitive, but Apple wants to have that extra layer of security just in case. You’ll be required to enter the passcode manually upon five unsuccessful fingerprint unlock attempts, after restarting the device, when 48 hours have elapsed between unlocks, and to get into the Passcode & Fingerprint settings.

To incorporate the new sensor, the iPhone 5s has a redesigned home button. The button is now made of sapphire crystal, so its appearance doesn’t exactly match the rest of the front face. The upside, however, is that Apple has done away with the square symbol on the button. A steel ring now surrounds the button. The ring isn’t that noticeable on the space gray version that I have, but it stands out more on the silver and gold models. The sensor itself uses capacitive touch to analyze beneath the surface skin of your finger.

In order to record a fingerprint, you’ll need to tap the home button and lift your finger repeatedly until your print has been analyzed. The whole process takes about 30 seconds.

You can store up to five individual prints on your phone, and they don’t all have to be from the same person. In fact, it might not have to be a person at all. I didn’t have a test cat on hand, but we’ve heard that you can store a feline paw print.

Fingerprint information is stored in an encrypted section of the iPhone 5s’s A7 processor. Apple says it isn’t storing an actual image of the print, only a “mathematical representation” of it. The information is only accessible to Touch ID and is never sent into the cloud.

In order to get a match at first, you’ll need to make sure the majority of your finger has contact with the sensor. Apple has built Touch ID to be a learning system, so it will improve over time, but don’t expect it to work with just the tip of your finger from the get go.

Once you’ve set up Touch ID, getting a proper match with the sensor takes a little less than a second (0.8 seconds on average according on my unscientific tests). Unlocking a phone with a four number pin code takes roughly the same amount of time, but it also requires that you look and aim correctly. Keep in mind, you might also activate a more complex passcode with letters and numbers now that you won’t have to enter it as often.

The real benefit of Touch ID comes when you use it to authorize iTunes and App Store purchases. If you’re heavily invested in Apple’s system, your AppleID password should be a difficult one to type. For instance, mine takes between six and 10 seconds to type.

Apple understands that having to regularly type in our passwords amounts to a degraded user experience. In this regard, Touch ID is an elegant solution because it doesn’t compromise on either security or convenience. You might only be saving a few seconds each time, but, considering how often we use our phones, those will add up quickly.

The privacy question

There are genuine privacy concerns involved with introducing fingerprint authentication for our phones. US Senator Al Franken has challenged Apple to provide more information on how it is handling the technology. Frankly, the main issue comes down to whether or not you trust Apple. If you don’t trust Apple to have put sufficient engineering resources to come up with a reliable solution, then you’re probably not going to be buying the iPhone 5s anyway. You can, of course, always disable the feature.

While I’m slightly wary of the possibility that my fingerprint data could end up in the wrong hands (I’m looking at you, NSA), but the small conveniences and added security that Touch ID brings are worth the risk, in my opinion. The truth is that we make these sorts of privacy compromises with Internet companies on a daily basis.

I won’t be surprised if an illustrious security researcher manages to extract the fingerprint data from Touch ID over the coming months, but I suspect that it will require physical access to the phone. By that point, an attacker could simply lift your prints from the touchscreen glass.

This isn’t an insignificant issue, and it’s not the last time we’ll be hearing about this. With Touch ID, Apple has introduced millions of consumers to biometric authentication, a process that has largely been reserved for the enterprise and security industries. Ongoing debate is needed as we move forward with this kind of technology, and it’s in everyone’s interests for Apple to remain an open participant in the conversation.

If you want to study up on Touch ID, Apple’s promotional video is a good place to start:

Final thoughts

Touch ID is subtle. It’s designed to get out of the way and let you get right to whatever it is you want do on your iPhone. I wouldn’t advise buying the iPhone 5s just for the feature, but once you start using it, you won’t want to go back.